Cyber criminals are distributing at least one fake version of the viral FaceApp age challenge, warns security company Kaspersky. Users who download and install the fake version are infected with the MobiDash adware. MobiDash then sits on the user’s phone and displays adverts.
The first detections of the malicious fake came on July 7. Since then, the number of infected users has begun to accelerate. At the end of last week, Kaspersky’s own data says that 500 users were infected in just 48 hours. As this is just the start of the malware campaign, that number is likely to increase quickly.
According to Igor Golovin, Security Researcher at Kaspersky: “Kaspersky has identified a fake application that is designed to trick users into thinking it is a certified version of FaceApp but goes on to infect victims’ devices with an adware module called MobiDash.
Once the application is downloaded from unofficial sources and installed, it simulates a failure and is subsequently removed. After that, a malicious module in the application rests discreetly on the user’s device, displaying adverts.”
What is MobiDash?
MobiDash is an adware programme. Once installed on a machine, it starts to display ads that the user is not expecting. Deleting it can be difficult, as it uses stealth techniques to hide itself and takes advantage of the way that Android works to resist removal. Although there are ways to find and delete the app, they are not always simple for the user.
What makes this particular version of MobiDash interesting is the number of different modules that can be installed. According to Golovin: “There were almost 800 different module modifications identified.”
It is not clear what these modules do. It could be that each one is a separate campaign that the adware creators are being paid to promote. Equally, they could be a combination of ad campaigns, redirection to other websites or the capability of downloading other malware.
The FaceApp Challenge – an ongoing saga
Cyber criminals creating fake versions of the FaceApp Challenge is just the latest saga for this viral app. Over the last two years, the FaceApp Challenge has been downloaded by large numbers of people. Early celebrity endorsements through usage helped to drive its popularity. What it does is take an image, use an AI engine and age the image by however many years the user wants. On the face of it, nothing more than a bit of fun.
However, in the last three weeks it has been the subject of a lot of editorial and even a demand that the FBI investigate it. There are good reasons for this. The terms and conditions that users agree to (but rarely, if ever, read) grant it the right to use and modify any images in perpetuity. For most users of the app, it’s a “so what” moment. A large number of apps today use similar terms and conditions, which does nothing to diminish their use.
Images are processed, and data stored, on a server based in Russia. The owners of the app claim they delete most after 48 hours but won’t say why some data is retained. In addition, when an image containing more than one face is uploaded, it means that other people are having their images uploaded without consent.
One reason for gathering all this data could be to create a large database for facial recognition. This is controversial. IBM was roundly criticised when it used images from Instagram to create databases for its research. Yet, just as in this case, the users had signed over the right to Instagram to collect and use their images.
Enterprise Times: What does this mean?
Viral apps, natural disasters, plane crashes and high profile media stories are all good news for cyber criminals. They will hook into all of these to exploit the natural and sometimes morbid curiosity of people. In this case they are hooking into the viral success of the FaceApp Challenge and the media circus from the last few weeks.
Although Kaspersky has seen fewer than a thousand installs in the last few weeks, that number will quickly increase. Some of those infected will have downloaded the app from official app stores. Many more will have downloaded it from mirror sites and via ads on the Internet. A lot of those ads are designed solely to direct the user to infected or fake versions of the app.
The advice from Golovin is: “not to download applications from unofficial sources and to install security solutions on their devices to avoid any damage”. In addition, users should always read the licence agreements and, even more importantly, check what permissions the app wants on their device.